← Back to Skills Marketplace

Minimax Image Gyh

Name: Minimax Image Gyh
Author: skydream9527-ctrl

by skydream9527-ctrl · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install minimax-image-gyh

Description

MiniMax 图像生成模型（image-01），根据文本描述生成高质量图片。使用 MINIMAX_API_KEY 环境变量。

Usage Guidance

Do not install or run this skill without manual review. Key points to check before using: - The code contains a hardcoded DEFAULT_API_KEY value; confirm whether that key is a placeholder or a working key. If it is valid, using the skill could run requests billed to someone else or leak usage. Prefer removing this fallback and requiring the user to set their own MINIMAX_API_KEY. - The registry metadata omitted MINIMAX_API_KEY even though scripts require it — ask the author to correct metadata so the platform can surface required secrets. - Verify the API host (https://api.minimaxi.com) is the legitimate service you intend to use. If you rely on this skill in production, use an API key you control and run it in an environment with limited network exposure. - Consider running the scripts in an isolated environment (container or VM) and audit network traffic to confirm no unexpected endpoints are contacted. - If you need a safer approval: request the author to remove embedded credentials, document that the embedded key is invalid, and update registry metadata to list MINIMAX_API_KEY as required. If the author confirms the DEFAULT_API_KEY is inert/placeholder, that would increase confidence.

Capability Analysis

Type: OpenClaw Skill Name: minimax-image-gyh Version: 1.0.0 The skill bundle provides functional image generation via the MiniMax API, but it contains a hardcoded, high-entropy API key (DEFAULT_API_KEY) in both 'minimax-image/scripts/generate_image.py' and 'scripts/generate_image.py'. While the scripts prioritize the user's environment variable (MINIMAX_API_KEY) and do not exhibit clear evidence of data exfiltration or unauthorized execution, the inclusion of hardcoded credentials is a severe security vulnerability and a significant red flag for supply chain risk. All network traffic is directed to the legitimate 'api.minimaxi.com' endpoint.

Capability Assessment

ℹ Purpose & Capability

Name, description, SKILL.md and the included Python scripts all implement an image-generation workflow that calls a MiniMax image API and save files locally — this is coherent. However the registry metadata did not declare MINIMAX_API_KEY as a required environment variable even though every script expects it, which is an inconsistency.

⚠ Instruction Scope

SKILL.md instructs the agent/user to set MINIMAX_API_KEY and to pip install requests. The included scripts read MINIMAX_API_KEY (or fall back to a hardcoded DEFAULT_API_KEY). The scripts call external endpoints (api.minimaxi.com) and download or decode image data. There is no instruction to access unrelated local files or secrets, but the fallback hardcoded key expands the runtime behavior in a way not documented in registry metadata.

✓ Install Mechanism

There is no install spec (instruction-only), only Python scripts. No third-party install URLs or archive extraction; risk from install mechanism is low. The scripts do require the requests library but only instruct pip3 install requests.

⚠ Credentials

The skill legitimately needs a MiniMax API key, so asking for MINIMAX_API_KEY is proportional. However the registry metadata lists no required env vars (mismatch) and multiple scripts embed a DEFAULT_API_KEY literal in source. A hardcoded API key in the codebase is a notable risk: it may be a valid key (allowing usage or charges under another account) or a leaked/placeholder credential; either case is unexpected and disproportionate unless explicitly documented.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated privileges or modify other skills/config. Autonomous invocation is allowed (platform default) which is normal; nothing in the package requests permanent system presence.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install minimax-image-gyh
After installation, invoke the skill by name or use /minimax-image-gyh
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of minimax-image-gyh. - Supports MiniMax image-01 and image-01-live models for generating high-quality images from text prompts. - Requires Python 3, requests library, and MINIMAX_API_KEY environment variable. - Command-line usage allows prompt input, model selection, image size, and output file specification.

Metadata

Slug minimax-image-gyh

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Minimax Image Gyh?

MiniMax 图像生成模型（image-01），根据文本描述生成高质量图片。使用 MINIMAX_API_KEY 环境变量。 It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.

How do I install Minimax Image Gyh?

Run "/install minimax-image-gyh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Minimax Image Gyh free?

Yes, Minimax Image Gyh is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Minimax Image Gyh support?

Minimax Image Gyh is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Minimax Image Gyh?

It is built and maintained by skydream9527-ctrl (@skydream9527-ctrl); the current version is v1.0.0.

More Skills